AppOnChip

Providing the Strongest Application Protection Available for Hardware Key Users

AppOnChip is another level of protection added to Gemalto’s industry-leading Sentinel Envelope which wraps an application to provide robust IP protection against unauthorized use, distribution, tampering and reverse engineering. AppOnChip facilitates an inseparable binding of the Sentinel hardware key to the application. This fully automated process presents software vendors with a list of functions from their application that contain code blocks that are compatible with the AppOnChip feature. The protected code blocks, encrypted and signed, can then be loaded and executed on the hardware key itself. This additional security measure makes it the most secure software licensing implementation in the market. Moreover, this AppOnChip feature can be used to protect both 32-bit and 64-bit native binaries (EXE and DLL files).

Features and Benefits:

Stronger Security – AppOnChip provides stronger protection from unauthorized software use by requiring the token to be present for the application to execute.

Easy Implementation – The process of binding the software to the hardware key, analyzing which code can be executed on the token and converting code into token-executable form is entirely automated – no engineering efforts are required.

Maximum Licensing Flexibility – The protected code blocks do not utilize any of the storage space of the hardware key, ensuring that the ISV has maximum memory available for license storage.

No headaches for legitimate end users – AppOnChip functionality is transparent to the end users’ experience.

No Operational Burden – No additional requirements to update the keys in the field if a new version of the software is released.

LEAP Newsletter

Protection and Execution

Protection

Once the AppOnChip feature is enabled within Sentinel LDK the unprotected application will get parsed by AppOnChip to analyze all the supported functions. Code blocks from all or several functions, based on ISV selection, get converted to a form that can then be executed on the key. These converted code blocks are encrypted and signed for security.

Execution

When an end user attempts to use the software the execution phase kicks in. The protected software executes normally until it reaches the function protected by the AppOnChip feature of Sentinel LDK. The code flow in the application transfers to the key. AppOnChip dynamically loads and then executes the protected code securely on the key. The results from the executed code are returned back to the application and normal flow continues.